OP 25 October, 2022 - 03:45 PM
The Iranian threat actor known as Domestic Kitten has been attributed to a new mobile campaign that masquerades as a translation app to distribute an updated variant of an Android malware known as FurBall.
"Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books," ESET researcher Lukas Stefanko said in a report shared with The Hacker News.
The updates, while retaining the same surveillance functionality as earlier versions, are designed to evade detection by security solutions, the Slovak cybersecurity firm added.
Domestic Kitten, also called APT-C-50, is an Iranian threat activity cluster that has been previously identified as targeting individuals of interest with the goal of harvesting sensitive information from compromised mobile devices. It's been known to be active since at least 2016.
A tactical analysis conducted by Trend Micro in 2019 revealed Domestic Kitten's potential connections to another group called Bouncing Golf, a cyber espionage campaign targeting Middle Eastern countries.
APT-C-50 has primarily singled out "Iranian citizens that could pose a threat to the stability of the Iranian regime, including internal dissidents, opposition forces, ISIS advocates, the Kurdish minority in Iran, and more," according to Check Point.
Campaigns undertaken by the group have traditionally relied on luring potential victims into installing a rogue application via different attack vectors, including Iranian blog sites, Telegram channels, and SMS messages.